Helping people with computers... one answer at a time.
The SSID identifies your wireless access point to any computers in range. Having a unique one is helpful, but hiding it is only marginally more secure.
I always hear “CHANGE THE SSID” on your home router. There are two parts to the SSID, correct? The network name and the network password to connect. I realize that the password needs to be changed from the default of admin or whatever, but are people still suggesting that the SSID network name be changed as well? I can see changing the network name to something other than “Linksys” so that you know that it's yours, but why does it matter if others can see this name? All that matters is changing the SSID password, correct?
•
Well, to begin with, a couple of concepts have gotten confused in your question.
There's no such thing as an "SSID password". The SSID is simply the identifier that a Wifi access point can broadcast to let you know that it exists.
The SSID can be changed, and there are good reasons to do so. Broadcasting the SSID can also be disabled, but whether that actually helps anything is debatable.
And finally, this isn't really a router thing because there are routers that have no wireless capabilities and thus, they have no SSID to worry about. This is really a wireless access point thing - whether that access point is a separate device or combined with a router in a single package.
•
That password thing
Even though it's completely unrelated to the SSID, let's first deal with the password issue.
As outlined in How do I secure my router?, there are actually two passwords that you need to concern yourself with:
-
The password used to gain administrative access to the router's configuration
-
The password used as part of WPA encryption used to secure your wireless connections
You should change the first one from its default. Otherwise, anyone with access to your network can reconfigure your router. I have heard of malware that can do exactly that if you leave the password unchanged.
You should add the second - WPA encryption - if you have not. Otherwise, anyone within range can possibly "listen in" on your wireless data.
But neither really have anything to do with SSID.
Change the SSID
You'll need to access your router's configuration to alter these settings. Exactly how you do that varies from router-to-router, so check your router's documentation for instructions.
My example uses a LinkSys WAP54G wireless access point, which is a device separate from my router.
In its configuration, I navigate to the Wireless tab, Basic Wireless Settings page:
Everything that we want to look at is on this page in this access point.
The Network Name (SSID) usually defaults to something that is the same for every one of the access points or routers made by the same manufacturer. Typically, that's the manufacturer's name - LinkSys, in this case.
As you can see, I've changed that to something else:
I've named this access point "NOTENLAN-FR", something that clearly identifies this particular access point and the network to which I have it attached.
You can choose pretty much any name that you like. I've seen SSIDs called things like "Fluffy Bunny" or "Connect here for malware" - the later being a semi-facetious way of telling strangers not to try to connect. (With WPA enabled, they would not be able to anyway, unless they had the proper password.)
But as you've pointed out, it is good to set it to something unique, so that you don't accidentally connect to some other access point and questionable network with the same name as yours.
Broadcasting the SSID
There's a diversity of opinion on whether or not it's helpful to not broadcast your SSID.
As you can see above, mine is set to broadcast.
What does that mean? It means that it shows up in lists like this one:
The available networks there are those whose SSIDs are being broadcast by wireless access points in range.
If you disable the broadcast of the SSID, the wireless network does not appear here. You can still connect to it manually if you know the SSID (and WPA password, if appropriate), but it won't show up in these types of lists automatically.
Broadcasting the SSID and security
There's a misconception that not broadcasting the SSID makes your wireless network more secure.
That's actually only partly true.
If the SSID isn't being broadcast, your wireless network won't show in those "nearby networks" lists. It's a form of security by obscurity in that it keeps your neighbors or anyone else within range from connecting accidentally or otherwise.
However.
It's not really secure. Your network is still technically visible; the packets going to and from your access point can still be intercepted and interpreted. It's slightly more difficult, but still quite possible. Disabling the SSID broadcast doesn't really protect your network from someone who's knowledgeable and intent on connecting.
You still need that WPA password to do that.
So, disable the broadcast or not. Just realize what security you are and more importantly are not getting when you do so.
Article C5049 - January 21, 2012
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
Not broadcasting the SSID helps in certain situations. I work in a place where we have two routers. One for the public, without security key and another one for the employees, secured wifi. We mask the SSID for the secured router, so that the public does not see it, and only the employees with SSID and password can connect.
Posted by: Hira at January 24, 2012 8:48 AMThere are quite a few phones and other devices that show a list of all networks being broadcast or not. In addition, some laptops, media devices (cable, roku boxes, receivers) won't connect even manually to non-broadcasting SSID's even with the password. So not broadcasting your SSID is becoming a mute point and may just add a hassle in connecting a laptop or other device.
Posted by: John at January 24, 2012 9:34 AM'ting is some companies use ssid to close sites eg there is a site about tourist holiday tickets in Britain aimed at overseas tourists but it is deliberately) kept inacessible to the United Kingdom. Tnhe reson for the concealment is that there is a huge difference between the prices for rail passes available overseas and those sold within the UK I have accessed it but only by using a friend's computer when abroad!
28-Jan-2012
When your access point does not broadcast the SSID, it helps but...
When you turn on your laptop - the one that knows it's looking for a LAN named 'Kitty' and should preferentially connect to 'Kitty' if it's availabe, as soon as it wants to connect starts 'shouting' the equivalent of "Here, kitty kitty kitty?". It'll do that when you're at Starbucks, too, even though there's no "Kitty" around.
So malicious listeners-in will know the name of your home network even though it's not broadcasting its SSID.
That and other annoyances when the access point is more-or-less anonymous have convinced me that turning off 'broadcast SSID' is a waste of energy. WPA, or at the very least (and it IS the very least) WEP is mandatory.
28-Jan-2012
This may sound incredible; but I have encountered one combined Router & Wireless Access Point, in which the SSID had been changed from-
the Default of basically the maker's Name & Type
to
the Full Street Address of where it was installed.
Whilst probably not affecting the WiFi Security, it certainly did give an indication of a significant computer installation, fortunately limited by the working range of the WiFi.
Posted by: Alex Dow at February 17, 2012 9:10 AM